Maintaining the resilience and stability of the global Internet requires collaborative efforts between Internet Service Providers (ISPs), government agencies, enterprises, security vendors and end users.

Enterprises need to consider that even if they have protection against distributed denial of service (DDoS) attacks, their business could be taken offline if their Internet Service Provider (ISP), hosting provider or Domain Name Service (DNS) provider does not have adequate DDoS protection.

Corero Network Security, in conjunction with Fierce Telecom, has released "The Future of DDoS Protection: Turning the Threat into a Revenue Generating Opportunity". This executive summary highlights the unique needs of Service Providers when deploying DDoS mitigation for infrastructure protection, as well as a new service offering for their customers.

Distinguishing between “good” traffic and “bad” network traffic has not always been easy, and it has been traditionally difficult to present in visual terms. But when IT security staff can see network intrusions in real-time, they can better defend against them.

Internet service providers are increasingly treated more like public utilities than consumer services; will government regulations require that they block DDoS traffic? That remains to be seen. Ultimately the demands of enterprises and consumers may have more influence than any government regulations. The business landscape may require ISPs to provide DDoS protection, if only to protect themselves from litigation.

If you think your network is safe from distributed denial of service (DDoS) attacks just because your website or web application has not been taken offline, think again. The cyber threat landscape continues to evolve dramatically. In terms of DDoS attack trends, two things have happened.

A recent TripWire study highlights the growing problem of cyberattacks, and whether IT staff feel that their companies have the right combination of skills and technology to cope with various types of cyber threats.

Several months after the now-infamous DDoS attack on DNS provider Dyn last October, the incident continues to make headlines. Earlier this month, reports emerged about the scale of customer losses that the company experienced in the wake of the attack. According to security ratings provider BitSight, roughly 8% of Dyn’s customer base stopped using their services in the aftermath of the attack.

Corero's new product, the SmartWall® Service Portal, enables Internet Service providers and hosting providers to offer DDoS Protection as-a-Service (DDPaaS) to their tenants in a flexible and economic model. A few years ago, such DDoS technology was not available; now, it’s the wave of the future.

DDoS extortion campaigns are a common tool in the cyber-threat arsenal, and one of the easiest ways for an attacker to turn a quick profit. When service availability is threatened, the victim company needs to consider the potential loss in downtime, revenues and brand damage.

Law enforcement is at a disadvantage against hackers, mostly because distributed denial of service (DDoS) attacks leave little or no trace of evidence. However, police have made some arrests recently, which counts as a tiny bit of progress in the uphill battle against cyber criminals.

Many people are now asking the question, were the 2016 DDoS attacks just warm-up drills or test runs for even larger attacks that would cripple large parts of the Internet? The potential certainly exists; is it probable?

Business depends upon Internet reliability and security, so when it comes to choosing your Internet Service Provider (ISP), it pays to ask the right questions. Given the prevalence of DDoS attacks, one can no longer assume that your Internet service will be 1) always reliable or 2) “clean.”

What challenges and changes will 2017 bring to the DDoS threat landscape? And why is there reason to be optimistic that the number of volumetric DDoS attacks will decrease in the next few years? Read our predictions for 2017.

In the wake of so many DDoS attacks in recent months/years, many enterprises and agencies are seeking ways to protect themselves from such attacks, and the burden of stopping DDoS attacks should fall mostly on Internet Service Providers and Hosting Providers.

In reference to the massive DDoS attack on Dyn, some telecommunications industry experts recently gathered to discuss the issue of “Net Neutrality,” an important and sensitive issue for Internet Service Providers.

Websites across the East Coast were impacted as a result of a reported DDoS attack against a well-known DNS provider’s infrastructure. The online availability of popular brands such as Twitter, Spotify, Basecamp, Netflix and a laundry list of others was impacted.

In the run-up to the US election, we can expect to see more and more of the types of DDoS attack that took Newsweek offline last week. However, these attacks can easily be defeated by service providers, at the network edge.

Researchers from Ben Gurion University in Israel recently discovered that cyber criminals could launch a telephony denial-of-service (TDoS) attack that could take over thousands of smartphones to form a zombie army of botnets that would automatically dial repeated calls to a 911 system.

A new study published by international consulting firm KPMG and telecoms group BT recommends that businesses collaborate with telecom companies, Internet Service Providers, banks, credit-card providers, insurers and the security industry in a concerted effort to improve cyber security.

Recent DDoS attacks on Blizzard and EA servers highlight the vulnerability of the online gaming industry. Fortunately, gaming companies— or, for that matter, all companies that rely on a continuous online presence— now have better choices that can deliver near-instantaneous protection.

If your water utility delivered contaminated water into your home, you’d probably complain; of course consumers expect clean, potable water from their water utilities. Likewise, enterprise customers have begun to realize that “dirty” Internet traffic threatens their availability, security and bottom line, so they increasingly demand “clean pipe” from their Internet Service Providers (ISPs).

A DDoS attack on an Internet Service Provider (ISP) earlier this week crippled Internet service throughout Mumbai, India, which clearly demonstrated why it’s so important for ISPs to have DDoS protection.

Corero polled over 100 IT security professionals at the Infosecurity Europe 2016 conference in London last month, and the survey shows that UK businesses are not only worried about DDoS attacks, they want better protection from their Internet Service Providers.

If you’re doing research about DDoS protection solutions there are many choices out there, and it can be challenging to find the solution that best fits your organization. Learn about the pros and cons of scrubbing service vs. cloud-based mitigation vs. DDoS mitigation appliances.

Retaining and growing accounts for existing customers is much easier than gaining new ones, particularly in the telecommunications industry, which has significant turnover. But which technologies offer the greatest opportunities for this kind of advancement?

In a recent survey, 30% of respondents said their enterprise relies on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. Unfortunately, those companies are still very vulnerable to DDoS attacks.

At last week's Big Communications Event, the annual gathering of experts in the telecoms and communications industry, one major topic was how to secure the provider network and protect downstream customers from cyber threats.

Human intervention is insufficient for most cyber security attacks because humans can’t immediately see every attack, and they certainly can’t respond fast enough (in real time) to block all infiltrations.

When evaluating an Internet Service Provider, it’s important to consider the quality, as well as quantity, of bandwidth it offers. How effectively a provider protects its customers from Distributed Denial of Service (DDoS) attacks can have a dramatic impact on the quality of Internet service.

If your organization is debating the merits of a DDoS protection appliance compared to a DDoS scrubbing service, this blog post offers a short explanation of the key differences between these types of DDoS solutions.

Corero’s latest product, the SmartWall® Threat Defense - Virtual Edition (vNTD Monitor), allows service providers who are looking to scale out their security analytics environment to simply “drop” security visibility into any part of their network to analyze the nature of a threat.

This week ushered in several news articles about recent DDoS extortions that turned out to be scams conducted by some hackers who pretended to be part of the Armada Collective. Some businesses paid the ransom fee, but they could have avoided the entire problem if they had adequate DDoS protection in place.

FierceMarkets and Corero jointly published a new research report based on a survey of ISPs and enterprise customers regarding DDoS mitigation strategies. The report discusses not only the traditional methods of DDoS mitigation, but also the rationale of some ISPs who have not yet adopted more effective anti-DDoS technology.

There are millions of connected devices that comprise the Internet of Things (IoT), which leads to many security weaknesses that DDoS hackers can leverage. By using amplification techniques on the millions of very high bandwidth density devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale.

For today’s internet-driven businesses, any service degradation or outage can have a detrimental impact on brand, customer loyalty and the bottom line. Increasingly, such incidents are being caused by Distributed Denial of Service (DDoS) attacks, and this is one area where telecoms can take leadership.

Corero SmartWall® Threat Defense System (TDS) earned a top position in the latest NSS Labs DDoS Prevention Group Test, earning the coveted “Recommended” rating, with high performance in all test categories.

We've released the results of our annual DDoS Impact Survey, which polled technology decision makers, network operators and security experts about key DDoS issues and trends that Internet service providers and businesses face in 2016. Nearly half (45%) of the survey participants indicated that loss of customer trust is the most damaging consequence of DDoS attacks to businesses. See our infographic that sums up the rest of the survey results!

Many organizations aren’t even aware of when their sites are experiencing a DDoS attack, because the majority of attacks are under 1 Gbps, and are perceived as only annoying “noise” in the IT background; the attacks are not large enough to get the attention of IT security staff. That doesn’t mean they should be ignored, however. Unseen, low-level DDoS attacks cause two problems.

Staminus, a global hosting and Web security firm, suffered a major blow late last week when it became the victim of a security breach. Staminus is a hosting provider and provider of cloud-based DDoS mitigation services.

DDoS attacks come in various forms, and hackers have become more sophisticated by launching blended attacks that combine three, four or five types of attacks at the same time. Fortunately, the Corero SmartWall Threat Defense System (TDS) defends against all of them. A recent 75Gbps combined ACK and SYN flood attack on a Corero customer illustrates this point.

In a recent webinar hosted by IHS on “Service Provider Deployment of DDoS Mitigation,” Stephen Clark, Director of IP Networks at Telesystem, explained that Block Communications implemented the Corero SmartWall® Threat Defense System on each of its vital interconnects to Tier 1 providers. The solution is in-line deployment of automatic DDoS mitigation that stops malicious traffic at the peering edge. “We can protect our networks at the gate, in real-time,” said Clark.

Last week we announced a new product: vNTD Monitor, which provides the freedom and flexibility to monitor DDoS activity in real-time against any server, application or network. This industry-leading technology provides visibility of attack traffic, intuitive analytics and alerting of DDoS attack vectors targeting a system or workload.

In the typical service provider network today, security is often an afterthought; after building the network, engineers typically add encryption and firewalls, neither of which is sufficient to protect against the increasing malware and DDoS attacks that plague networks and service functions.

The “2016 Cost of Data Center Outages Report,” published recently by Emerson Network Power in conjunction with the Ponemon Institute, states that unplanned data center outages cost companies nearly $9,000 per minute, and the second most common cause of outages was cybercrime, specifically Distributed Denial of Service (DDoS) attacks.

There are two aspects of fighting DDoS attacks. One is remediation—stopping the attack when it comes in. Corero and other providers have this part of the equation covered. The other aspect of stopping attacks has to do with law enforcement, which can be done only with the help and support of the victim companies.

Distributed denial of service (DDoS) attacks are clearly on the rise: growing in size, sophistication and frequency. Any type of website can be preyed upon by a DDoS attacker, and several high-profile websites have been hit in recent weeks, ranging from corporate enterprises and government agencies to educational institutions. In this blog post Corero COO Dave Larson answers questions about these troubling trends.

Corero's Security Operations Center* team monitors various customer websites 24/7, 365 days per year. They regularly see DDoS attacks in real-time, many of which are so small that they would be unnoticed by the customer if not for the Corero SmartWall® Threat Defense System (TDS). However, they also see very large, multi-vector attacks in progress. This blog includes sample reports of high-volume, multi-vector attacks detected and mitigated in real-time by the SmartWall® Threat Defense System.

Now that DDoS mitigation solutions are more affordable and scalable, there is opportunity to not only save on operational and bandwidth costs, but also to generate new revenue. Service providers can turn mitigation structure around to re-sell it as a service to their customers downstream.

Cyber insurance is not a substitute for making smart investments in cyber security and following industry best practices. However, it is an important part of almost any business's risk mitigation strategy.

Whether motivated by greed, cheap thrills or politics, DDoS hackers wreak havoc on websites. The best protection is prevention: defensive solutions that can detect and stop DDoS hackers in their tracks before they do any damage.

Hacktivism is on the rise as a motivation behind numerous DDoS attacks. For whatever reason, groups like Anonymous, Lizard Squad, Syrian Electronic Army, Chaos Computer Club and others believe they can intimidate corporations, government agencies, and other institutions by knocking these entities' websites offline for a period of time. One of the latest victims of a hacktivist attack is the Japanese carmaker Nissan.

Break the Internet? Kim Kardashian's Paper Magazine cover couldn't do it, but now someone is trying to bring it down for real using DDoS attacks on the Internet Domain Name System's root name servers.
Root Server Operators (RootOps) reports that on at least two separate occasions, several of the root name servers were hit with an...

The Internet has a very long history of utilizing mechanisms that may breathe new life into older technologies, stretching it out so that newer technologies may be delayed or obviated altogether. IPv4 addressing, and the well-known depletion associated with it, is one such area that has seen a plethora of mechanisms employed in order to give it...

Experts have long warned that the inherent lack of security in many of the devices that make up the Internet of Things (IoT) would come back to harm us in the end. Now there is firm evidence that hackers are exploiting weak and default credentials on embedded devices to create botnets that are the sources of DDoS attacks.
Closed-circuit...

Last month I published a post in reference to the surge in ransom driven DDoS attacks against Corero’s customers.
“Over the last thirty days, roughly 10% of Corero’s customer base has been faced with extortion attempts, threatening to take down their websites and services unless they pay out various Bitcoin ransoms. Through...

It’s well known in the industry that DDoS attacks are becoming more frequent and increasingly debilitating, turning DDoS mitigation into a mission critical initiative for providers. From the largest of carriers to small and mid-level enterprises, more and more Internet connected businesses are becoming a target of DDoS attacks. What was once...

It's almost easy to empathize with someone who feels justified in using DDoS tactics to temporarily take down websites that belong to the Islamic State, pedophiles, and racist and homophobic hate groups. Then we have to remind ourselves that, no matter how offensive or repugnant the content of these websites is, it's still considered to be...

The Corero Security Operations Center has seen an increase in cyber-extortionists targeting web hosting providers with Bitcoin ransom demands. Over the last thirty days, roughly 10% of Corero’s customer base has been faced with extortion attempts, threatening to take down their websites and services unless they pay out various Bitcoin...

Most CSPs and Mobile Carriers have deployed some form of DDoS scrubbing complex in their network to clean large, long-duration DDoS attacks. While this is a necessary first step in proactively working to defeat the DDoS challenge, the threat landscape is constantly changing and requires a more modern approach to protection.
Based on...

The group calling themselves “DDoS for Bitcoin” (DD4BC) continues to extort money from a host of companies located all over the globe, and today very few organizations are able to adequately protect themselves from DD4BC’s tactics. The group’s extortion campaigns have been increasing recently which include a preemptive...

Over the past few weeks news feeds all over the world have been pulsating about the recent DARPA announcement. On August 14th, 2015 the U.S. Defense Advanced Research Projects Agency (DARPA) announced an initiative called Extreme DDoS Defense (XD3). Interestingly enough, DARPA is not the only U.S. government agency calling for research...

Lizard Squad just can't leave it alone.
Last week we reported that the National Crime Agency (NCA) in the United Kingdom arrested a number of teenagers who used Lizard Squad's DDoS tool Lizard Stresser. (See Users of DDoS-as-a-Service are arrested in the UK.)
Just days after those arrests, the NCA's website was attacked and...

The stakes have been raised even higher as organizations prepare for three new methods of DDoS attacks that have emerged in the last six months alone. The reflective/amplified category of DDoS attack has been around for nearly four years, but once again attackers are finding new methods of launching their assaults within this attack...

In an in-line peering point DDoS protection deployment scenario, SmartWall® Network Threat Defense Appliances (NTD) are deployed on each of the Service Providers’ peering points to their upstream Internet bandwidth providers. This ensures always-on DDoS attack mitigation services while benefitting from the highest levels of...

Just recently the Internet Complaint Center (IC3) issued an alert to businesses regarding a rise in extortion campaigns, tied to threats of DDoS attack activity unless a ransom is paid.
The rise in DDoS attacks generally is not surprising at all, and the use of the “DDoS threat” for ransom or extortion is not a new tactic in...

Ideological motivations for DDoS attacks can impact anyone at any time. This week, two high-profile organizations, Planned Parenthood and New York Magazine, were severely impacted by ideological hacktivists taking down their websites with DDoS attacks.

In the late 1990s a large number of DSL providers were raising millions of dollars in venture capital to build their DSL networks in the United States in order to offer broadband Internet access to local consumers. Many subscribers were still utilizing dial-up services and the demand for faster Internet connections and more available...

If you're running an illegal business that the authorities would like to shut down, you are highly unlikely to call the police or FBI if a cyber attack is affecting your business. And so it is that online operators of "unregulated activities" such as illegal gambling sites are finding themselves to be the victims of extortion...

In a large Carrier environment, DDoS attacks have escalated from a nuisance, to a sophisticated threat, and now to a revenue opportunity. Scrubbing DDoS traffic at a centralized location after attacks have been detected has become a commonplace approach to reducing the amount of DDoS traffic transiting Carrier networks, and sent to downstream...

Several high profile organizations experienced ‘unexplained’ service outages yesterday, begging the question “is there any connection across these discrete outages”. All trading on the New York Stock Exchange was halted for nearly four hours for undisclosed internal technical reasons, while a so-called technical glitch halted United Airlines flights around the country for about two hours. The Wall Street Journal’s web site was also rendered unavailable just after the NYSE halted trading.

For a device to offer DDoS protection it must be able to handle the different traffic profiles that constitute the current DDoS attack landscape. By illustrating the relative layer 3 and layer 4 counts of source and destination one can easily see the major categories of DDoS Threats. After introducing a basic traffic shape, anomalous variants will...

Most of us who operate in the world of DDoS attacks have known about the reflective/amplified DDoS attack vector for several years. As a matter of fact Corero was warning the public that this attack vector was coming nearly 5 years ago; before the first attack of this type was ever observed. Today it seems the attackers will do whatever is...

We've posted several articles lately about DDoS attacks being aimed at educational institutions right about the time that important exams are being taken by a large percentage of students. (See Sorry, Kids, Your Final Exam Has Been DDoS'd and High school student charged with a felony after DDoSing his school district.)
Now comes...

As ISPs, Hosting Providers and Online Enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?” Traditional techniques of defense include SYN-cookies, SYN-proxy, redirects, challenges, and...

When researching the topic, Do cyber-attacks, especially DDoS attacks result in more outages than natural or man-made disasters, I stumbled upon a 2013 annual report from The European Union Agency for Network and Information Security (ENISA). According to their website, “ENISA is a centre of network and information security expertise...

The vast majority of Corero customers require always on DDoS protection to ensure service availability for their customers—ensuring that all good user traffic flows unimpeded, while DDoS attack traffic is mitigated in real-time. The Corero SmartWall® Threat Defense System (TDS) allows for always-on DDoS protection with a unique and...

Censorship watchdog GreatFire.org lit a fire that has turned into quite a conflagration.
GreatFire.org is known for punching holes in China's Great Firewall, the surveillance and censorship system that attempts to prevent Chinese businesses and citizens from reaching the outside world via the Internet. GreatFire provides open access to the...

A DDoS focused report released by Neustar earlier this week caught my eye with a statement made by Neustar Senior Vice President and Fellow, Rodney Joffe. Rodney makes an interesting recommendation around the need to “develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information into ISPs,...

The DDoS threat landscape is a broad, ever evolving and dynamic topic that is covered by many different perspectives. One angle that doesn’t always get the spotlight is the use of DDoS attacks as a diversionary tactic or profiling mechanism for advanced assaults against a target victim.
Traditionally the term “DDoS” has been...

As organizations around the globe become more and more reliant on the Internet, a serious weakness has begun to emerge in our connected world. Since its inception, the Internet has been all about availability; when the Internet goes down, businesses that rely on that availability go down with it. DDoS attacks are single-handedly the most...

There has been a flurry of DDoS reports from DDoS protection vendors as of late, and Corero has thrown its hat in the ring as well. The recently released Corero DDoS Trends and Analysis report offers a unique perspective of the growing DDoS threat; offering a stark contrast to the majority of the reports saturating the headlines this month.
The...

With regards to scrubbing-lane approaches, years ago Internet Service Providers (ISP) realized, “Yes DDoS is a problem we will have to deal with now and in the future”. From some reports as early as the year 2000 ISPs began observing DDoS attacks traversing their networks. How did they see the effects of DDoS attacks - way back...

The recent DDoS attacks impacting Swedish cable, Internet and mobile service provider TeliaSonera are another grim reminder of the impact a DDoS attack can have not only on the business itself, but the 5 million subscribers that were left without service, and left "Sweden not working", as TeliaSonera’s CEO Johan Dennelind has...

While visiting the Hague Security Delta in The Netherlands last week, I learned about an interesting initiative that's being tested to provide trusted computing among select organizations. Known as the Trusted Networks Initiative, it is being touted as an alternative "last resort" means to fend off DDoS attacks. The idea is to close...

First of all, let me say thank you to the security professionals who are working their butts off to develop patches and permanent fixes for problems caused by Heartbleed. I know this is an extraordinary case of the highest priority. Thank you for using your talents and your time to plug this gaping hole and make your users safe again.
That...

Corero recently partnered with John Pescatore, Director of Emerging Security Trends with the SANS Institute in developing a survey program designed to shed more light on organizations’ experiences with DDoS attacks.
What we uncovered does not come as a surprise to those well entrenched in the DDoS defense space. The results continue...

In his recent “Attack of the Month Video Blog Series,” Stephen Gates talks about NTP reflective traffic as the latest technique being used to launch DDoS attacks against hapless victims. This is certainly something to pay attention to. Since the beginning of 2014, the number of attacks using this method has skyrocketed, largely because...

NTP or Network Time Protocol attacks have been taking center stage as of late.
What’s interesting here is that the move to exploit UDP based protocol suggests that we (the good guys) are raising the security bar and thus making it more difficult to successfully exploit DNS amplification attacks.
NTP is another critical Internet service...

Polish computer programmers Patryk Surmacki and Piotr Smirnow were recently sentenced to 5 years and 4 months in jail for perpetrating a blackmail scheme that also involved the use of a DDoS attack as intimidation. Prior to sentencing, the pair pleaded guilty to blackmail and they admitted to conspiracy to access, use and impair computers without...